<?php
// Direct-access guard: stop unless the constant BASEPATH is already defined,
// i.e. unless this file was loaded by code that defines it rather than
// requested on its own.
if (!defined('BASEPATH')) {
    exit('No direct script access allowed');
}
	
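	/**
	 * Strip ASCII control characters from a string.
	 *
	 * Works byte by byte: TAB (9), LF (10) and CR (13) are each replaced by a
	 * single space, every other byte below 32 and DEL (127) is dropped, and all
	 * remaining bytes are kept unchanged. Bytes >= 128 are kept as well, so
	 * multi-byte UTF-8 text passes through untouched. The result is trim()med.
	 *
	 * Security note: this only normalises control bytes (useful before writing
	 * a value into a single-line field or log entry). It does not validate the
	 * encoding and it is not an escaping routine; the value still needs
	 * context-specific handling (HTML escaping, bound SQL parameters, ...)
	 * wherever it is used.
	 *
	 * @param string $string Raw input.
	 * @return string Filtered text; '' for an empty string or a non-string value.
	 */
	function special_filter($string)
	{
		// Test for "empty" explicitly. A truthiness test (!$string) would also
		// throw away the perfectly valid value "0".
		if (!is_string($string) || $string === '') {
			return '';
		}

		$new_string = '';
		$length = strlen($string);
		for ($i = 0; $i < $length; $i++) {
			$asc_code = ord($string[$i]);
			if ($asc_code == 9 || $asc_code == 10 || $asc_code == 13) {
				// Whitespace-like controls become a plain space so that words
				// separated by a tab or line break do not run together.
				$new_string .= ' ';
			} elseif ($asc_code > 31 && $asc_code != 127) {
				// Printable ASCII and every byte >= 128 are copied as is.
				$new_string .= $string[$i];
			}
			// Any other control byte is dropped.
		}

		return trim($new_string);
	}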

    /**
     * Keyword screen for SQL-looking input.
     *
     * Upper-cases $str and searches it for a fixed list of substrings: SQL
     * keywords, a few function-call prefixes, the single quote, and " OR " /
     * " AND " with a space on each side.
     *
     * NOTE(review): this is a substring denylist, not an injection defence.
     * It rejects ordinary text (any value containing an apostrophe, or a word
     * that happens to contain one of the keywords), and a fixed keyword list
     * cannot be complete. Queries that use the checked value should still pass
     * it as a bound parameter; treat the result as a coarse input check only.
     *
     * @param string $str Value to inspect.
     * @return bool true when none of the listed substrings occurs,
     *              false when at least one does.
     */
    function sql_filter($str)
    {
        // Matching is case-insensitive: compare against the upper-cased input.
        $haystack = strtoupper($str);

        // Author's note (translated): no suitable regular expression has been
        // found yet; replace this list once one is.
        $blocked = array(
            "DELETE", "ASCII",
            "UPDATE", "SELECT",
            "'", "SUBSTR(",
            "COUNT(", " OR ",
            " AND ", "DROP",
            "EXECUTE", "EXEC",
            "TRUNCATE", "INTO",
            "DECLARE", "MASTER",
        );

        foreach ($blocked as $needle) {
            if (strpos($haystack, $needle) !== false) {
                return false;
            }
        }

        return true;
    }
?>